This week, some of the CHERIoT team will be at MICRO 2023 presenting the first paper about the CHERIoT platform: [1]. This paper describes the CHERIoT ISA extension and the microarchitectural techniques used to make it fast, with low area overhead.

The paper describes how the same architecture can be supported on cores in two interesting places in the microcontroller design space. Our initial prototype implementation, described in the paper, was based on the Bluespec Flute core. This is a five-stage in-order pipeline that is capable of hiding the latency of some of the more complex operations. Our production-quality core is the CHERIoT Ibex, an area-optimised 2-3 stage pipeline.

Robert Norton-Wright and Kunyan Liu will both be present, so drop by the poster session to chat and attend their talk in session 5A on Wednesday if you’re there!

If you can’t make it, the paper and poster are both online (see below). This paper focuses on the hardware. If you would like to understand the software stack more, we’ve been gradually writing documentation for the RTOS and aim to add more soon.

Full citation

  1. Saar Amar, David Chisnall, Tony Chen, Nathaniel Filardo Wesley, Ben Laurie, Kunyan Liu, Robert Norton, Simon W. Moore, Yucong Tao, Robert N. M. Watson and Hongyan Xia. CHERIoT: Complete Memory Safety for Embedded Devices. proceedings of the 56th IEEE/ACM International Symposium on Microarchitecture, Association for Computing Machinery (2023). [pdf] [poster] [doi]
      author = {Amar, Saar and Chisnall, David and Chen, Tony and Wesley, Nathaniel Filardo and Laurie, Ben and Liu, Kunyan and Norton, Robert and Moore, Simon W. and Tao, Yucong and Watson, Robert N. M. and Xia, Hongyan},
      title = {{CHERIoT}: Complete Memory Safety for Embedded Devices},
      doi = {},
      year = {2023},
      month = oct,
      location = {Toronto, Canada},
      publisher = {Association for Computing Machinery},
      booktitle = {proceedings of the 56th IEEE/ACM International Symposium on Microarchitecture},
      pdf = {papers/2023-micro-cheriot-uarch.pdf},
      poster = {papers/2023-11-31-MIRCRO-CHERIoT-Poster.pdf}

    The ubiquity of embedded devices is apparent. The desire for increased functionality and connectivity drives ever larger software stacks, with components from multiple vendors and entities. These stacks should be replete with isolation and memory safety technologies, but existing solutions impinge upon development, unit cost, power, scalability, and/or real-time constraints, limiting their adoption and production-grade deployments. As memory safety vulnerabilities mount, the situation is clearly not tenable and a new approach is needed.

    To slake this need, we present a novel adaptation of the CHERI capability architecture, co-designed with a green-field, security-centric RTOS. It is scaled for embedded systems, is capable of fine-grained software compartmentalization, and provides affordances for full inter-compartment memory safety. We highlight central design decisions and offloads and summarize how our prototype RTOS uses these to enable memory-safe, compartmentalized applications. Unlike many state-of-the-art schemes, our solution deterministically (not probabilistically) eliminates memory safety vulnerabilities while maintaining source-level compatibility. We characterize the power, performance, and area microarchitectural impacts, run microbenchmarks of key facilities, and exhibit the practicality of an end-to-end IoT application. The implementation shows that full memory safety for compartmentalized embedded systems is achievable without violating resource constraints or real-time guarantees, and that hardware assists need not be expensive, intrusive, or power-hungry.